Hi,
I have generated stubs and bindings using cxf codegen. Everything runs fine however the server still rejects the message because of security issues. Basically I have 3 layers to take care all of which require certificates (which I have).
- SSL Encryption on the pipe
- certificate signature on specific data element
- certificate XML Signature on the payload data.
To spice up the soup somewhat I do not have full control on the actual signature and certificates. Basically I have to extract the proper data, send it off to be signed and I have to re-inject the signed data in the transaction.
The certificates I do have access are in the Windows certificate store of the local machine (SSL and some signature)
Reading the documentation the framework seems to rely heavily on config voodoo magic. Unfortunately most of the links I have found spend a lot of time explaining in details how to generate the certificates but are rather skimp on how we actually get to use them.
Using CXF how do I achieve this ?
How do I access the proper hooks and with what code can I inject a signature on the message ?
Thanks